— The Story —
— Jacob
A $200 million mistake and a moral young hacker who saved everyone
This book is a living draft, everything is subject to improvement through further research and reflection.
Show most recent chapter firstCurrently 9552 words (~ 38 pages)
Chapter 1
Monday madness: torture begins
Today is Monday, March 13th, 2023. It's a beautiful sunny day. Someone has stolen 200 million dollars.
"Oh no, not again!"
I ungladly contributed a substantial amount to the stolen total. What an eventful start to the week, isn't it? They say it's just money. Yes, it's just money. I didn't also lose a shoe for example. The interesting thing though is that the money isn't really lost, we know exactly where it is. If you lose an umbrella, you have no idea where it is. If a banknote falls out of your pocket, it's a similar situation. In this case, I can observe the lost funds precisely, but only from a distance and without even needing binoculars.
We knew it! 'Crypto is only for speculators and criminals.'
Looks like I'll have to go back to a normal job after a decade of living outside of the system.
The probability of the programmer being male is much higher, as most smart contract programmers are currently male (although not all). Throughout the book, we will refer to an accomplished programmer as 'Mr. Programmer,' or sometimes 'Your Majesty, Mr. Programmer.' Anyone who charges $1,500,000 for one line of their code is truly a king or at least a knight of programming. It's still unclear whether we're dealing with a white or black knight. The principles and challenges of Smart Contract systems, which are actually (supposedly immutable) computer programs, will be discussed further in this science-fiction thriller. Immutable means that nobody can change the code once it has been deployed and is running autonomously.
At the moment, we are closely monitoring every move of the stolen funds, while also having the ability to influence Mr. Programmer through a Discord channel. Discord is an advanced chat system used by various communities, including users of the Euler protocol. There are 800 of us in the channel, while there are approximately seven thousand people affected by the theft. We assume that Mr. Programmer is among us, so we are trying to influence him to return the funds. His Majesty's behavior is unpredictable, and there is always a possibility that he may change his mind. Otherwise, he will have to live with a shadow of doubt surrounding his invisibility until the bitter end.
Seven thousand people — each with their own story, which a negative number cannot simply summarize. For someone, even a few thousand means a lot, depending on the country, age, and everything else. Two hundred million! Almost too much even for the King of Programming; what will he do with this money? He probably wonders himself, and we help him with that, but we're not sure he sees our messages. We also have some pride left and try not to beg him to come to his senses. We simply put him in front of the fact that it will be difficult to hide and that it pays off to return 90% of the money, while he can keep and legalize 10%. He can still hide his identity, and in this way, there will be far fewer Programming Gods (likely much smarter than His Majesty overall) interested in identifying him through detective analytical methods over time. As an interesting fact or whim, the knight returned 100 ETH of capital to one of the mercy seekers, even though the person actually lost only 78 ETH. Messages with requests encoded in transactions with a cryptoeconomic value of zero are sent to the gentleman's cryptographic address and are visible to everyone. Hundreds of people send their thoughts daily to the address 0xb66cd966670d, and only one has managed to get their funds back. The gentleman plays with the thoughts and hopes of thousands while they sip a special liquid called hopium. Hopium is an invisible substance that gives everyone hope.
Every now and then, a gentle spring breeze blows after a portion of money and the money disappears with almost no trace; simple binoculars are no longer good enough. Mr. Programmer not so chivalrously transfers the funds to a large washing machine called Tornado Cash, where the true origin of the funds is mostly lost. Tornado is similarly to the Euler protocol a set of Smart Contracts, but for a different purpose. So far, the funds that our programmer has aired out and "cleaned" are very small, barely 2% of the loot. Whether a hurricane will come in our case, we do not know yet.
Blockchain programmers must be increasingly careful about the impenetrability of their code — it is becoming tense and very interesting, in fact, also stable. A balance has been established but there is an occasional broken fence. Programmers do not keep making the same mistakes but instead they learn. At the same time protocols are becoming increasingly complex, and therefore sometimes still prone to failure. In a few years, this will no longer be the case, and some surviving protocols will become the foundation of economic coordination in our world.
Why did I even entrust a significant part of my funds to this protocol? I will discuss this in more detail throughout the book. The short answer is that I acted as structured and safe as possible at that moment, with the intention of reducing risk. I attributed a very small percentage to the possibility of technical failure and subsequent theft (but it still happened). Those who got burned were not beginners looking to speculate but rather advanced and experienced users of these emerging principles, technologies, and modern science. Now, some are also learning a little about the importance of basic luck, because we always need some luck. The scientific problem with luck is that it is probability, and the probability of a catastrophic error always exists. The longer you are in the industry and the more protocols you use, the greater the chance of error... at least during the intermediate period until the industry stabilizes and evolution does its job. Those who lose time and money on decentralized protocols are like astronauts who get into accidents during the initial exploration of Mars or other planets in the future. Some explorers, however, get into just enough trouble to become smarter and, over time, wealthier if their brainwork touches the matrix that drives both cryptographic networks and the rest of the world. The matrix exists, but we can only reach it through experiences, upheavals, and extensive study.
I am a little over 40 years old and, in principle, I can also start over. Alright, then I will!
It just happens, I didn't pay attention well enough. I could have done more... but still there was no chance of reading every set of Smart Contracts in detail. In reality, this time I almost couldn't have been more careful, which is even more interesting and will be a significant part of the topic of the book before you. Everything will be explained step by step. The entire experience is not entirely random but is very much in step with the times and follows a certain cadence of world events. The book has already been written through the past; now it is just being recorded, which should be the easiest part.
Throughout the week, I have also already sent out two job applications.
Maybe I could be a driver? Or perhaps a dog walker? Yes, that would be perfect for me!
Maybe it's a bit too uneventful and free of stress? I would probably last two days or two weeks before feeling that time is slipping away and I am becoming more and more uneducated by standing still while the world advances. This is not such a strange perspective when you are interested in these things. The matrix! The background and reasons for things; just everyday life isn't interesting! Everyday life, but embedded in the matrix. That's it!
I will write a book, and that will be my new job! I prefer writing computer code, and that part will have to wait a bit due to the lightning-fast (flash) loan with which the knight attacked our pool of money.
"This week has been the longest year of my life" — Euler Discord user
Chapter 2
All money returned?
Euler team just posted a special announcement regarding the conclusion of the first phase of Euler protocol recovery. The most notable part is likely:
The return represents one of the largest recoveries of stolen assets in blockchain history. It follows an intensive investigation involving collaboration between security professionals, law enforcement, and community volunteers.
This was indeed a proper marathon and an endurance training for all involved. It could have ended differently. We are actually not learning a lot of background from this announcement so let's expand a bit. I have some knowledge about how the community part of investigation was developing and there are very interesting lessons in there.
To refresh a bit: three weeks ago on March 13th 2023 we all received a very cold shower, some of us losing a bit more money at a quite inappropriate moment in our lives than we really planned for or desired. I got a new job since then and I'm ok but in my free time I did eveything I could to increase the chances of Mr. Coder doing the right thing for him, us and the team by returning most or all of the funds. He had quite a hard time reaching this conclusion.
And no, my new job was not a dog walker, this turned out too boring and not stressful enough. I was fired in the first week because I was coding in the park and the dogs were running loose. My actual job was to do everything I can to help with return of funds. Interesting fact was that exploiter was reading this emerging book from the start and it helped him figure out it is a losing battle.
We simply put him in front of the fact that it will be difficult to hide and that it pays off to return 90% of the money, while he can keep and legalize 10%. He can still hide his identity, and in this way, there will be far fewer Programming Gods (likely much smarter than His Majesty overall) interested in identifying him through detective analytical methods over time. (from Chapter 1)
Our combined pressure with some doing exact blockchain analysis and tracking and others pointing out the obvious things in simple language all helped reach the final outcome. Everything helped and it is all a success story but we will need to go back in time to before March 13th as well. Are we not interested how it was even possible for someone to just snatch $200 million? What went wrong?
Devil's Advocate (noun)
a person who advocates an opposing or unpopular cause for the sake of argument or to expose it to a thorough examination.
Let's do some of that in the next chapter (with some feelings still included just because they are present).
Mr. Coder decided to contact me on Discord on March 29th. Why did he choose me?
Supposedly because "I'm smart" (thanx for the compliment... of course I'm not sure about that)
Hi
me: Hi
you're smart
why "'programmer'" though
me: 😆 what do you mean?
😆 .. could've been "regular guy", "law student", ""hacker"" (with the extra quotes) ..
me:
but it's good to write code!!
[ actually design systems ].. then implement components with code
what do you do ?
Nothing in this initial contact was actually saying "Hey I'm the guy you are all looking for"...
but I just knew immediately.
He also did not contact anyone else at the time so I knew I had to be careful and first of all — first mathematically confirm I am indeed talking to the correct person. If this is possible anywhere, it is possible on the blockchain. At first Mr. Coder did not want to prove it... but I still kept on talking a bit because it was very interesting and there will be no such opportunity. I felt excitement and privilege that I may be able to offer some useful thoughts. Even if not, I could see into the mind of the exploiter just a little bit. Not a lot was known about his thinking, personality and motivations before then. I also did not tell anyone else in Discord about this contact because I promised so and I also was not yet sure that someone else is not just playing games with me.
Two days later he did indeed sign an offchain message and he also sent a message to a random blochain Wallet X picked by another community member (ibex) who was invited to the chat. Ibex was one of the people attending our weekly meetups on thursday. I decided to invite him because he seemed to know some good practical law and he also did mountain biking :) He proved exactly the right choice. I knew I should not invite someone too geeky but a guy with "real life experience", a bit more entrepreneurial than "just a coder" even if I knew him only for a week or two and only in voice over the internet. He also said he'd be very interested in reading this book and I appreciated that. Finally, he was very friendly and responsive and he seemed to keep promises.. and also he was online when Mr. Coder was and I thought it might be a good idea for the next step so I am not alone chatting with him. I thought he might get bored with me and I ran out of ideas how to offer any more relevant suggestions on how to proceed with final returns (last $30 million).
Depositors are wondering what really happened and we love to learn how this industry actually works. I will share more or less everything I know while still trying to be fair to the people involved, esp. Mr. Coder — a talented and lucky person in the process of reformation and personal growth.
im in ways to reform
The exploit was hard to see for most but he had a natural insight, he did not have much trouble spotting the issue:
i didn't eat up all the theory tho -- im not smart
just saw the function and started testing
i was playing with Etokens and Dtokens .. and with the (this one was innovative, i liked it) liquidity status thing
Everyone smart will always say "I'm not smart"... so he indeed is smart but is he using his brain for good?
I still think he is an interesting (obviously) young person but the story gets complex. It is debatable if he is also decent and moral or not. Amazing and unique for sure. It is also not evident if he is actually a great coder at current point in life or just someone with quite limited specialist knowledge who is very narrowly focused for his own profit. At this stage he is likely not someone capable of working on a serious project, alone or with others because his mind likely always seeks loopholes and shortcuts. He has a chance of being both — a decent person and an amazing coder — but only if he keeps on staying on the right path going forward.
At the end we turned out to be lucky exactly because he found the exploit and not someone else. Then we would have to kiss all funds goodbye... it was a very near miss this time as it is. With someone slightly less decent (or more cunning?) the outcome would be more catastrophic. $200 million is a lot of money even considering the inflation — it is still worth something and this is a lot of houses with pools... and no, it is not normal for a DeFi protocol to lose such an amount. The original sin was a coding mistake. Mistakes happen but the reason for the entire mess is that mistake and not just the exploit. Euler team is very brave for working on a such complex project always knowing that mistakes have occured and will occur. One needs luck as well to catch mistakes before someone else does. They did at least six audits and nobody noticed. The main problem was the mutability of smart contracts though but here again, you cannot innovate very much without Smart Contracts being changeable at least in the beginning.
It is not to say that the decision to give it back it was only up to him or he was just chased into a corner because of the nature of blockchain technology and the fact that there are a lot of very smart people on the other side of the equation not letting him get away with it. He may say he wanted to give it all back from the start but the facts are showing a bit different story. He seems to have wanted to keep most of it but the pile of money was just too big. He might have gotten away with it if the hack was 10x smaller. Perhaps. There is a small but non-zero chance he indeed wanted to return most of the money at some point after initial shock was over for him. He claims he wanted to return everything from the start — this is also possible and decide for yourself what you want to believe in this regard.
Mr. Coder didn't even expect the hack to work:
the first day, i was almost sure it was not going to work
the second -- i overestimated my abilities
the third, i realized
.. in the following it was clear i had to return the money, just wanted to buy time to find the best way
I feel very bad for what happened to him (it was not easy) but also to all of us (it was deinitely not easy).
Along the way we also learned that all our previous community efforts were incredibly relevant because Mr. Coder was always observing and following our communication in Euler Discord chat as some of us rightly assumed. I don't remember who said it first (I did not) but it was important to assume he might be there. At some point in time when nothing was happening (on the outside) for quite some time we started speaking loudly about us having to be sure that the team is actually speaking and negotiating with the hacker and not just trying to find him through authorities. A day after this was suggested and discussed the blockchain messages started flying in and then we knew Mr. Coder wants to talk and is talking. I thought of this video by Steve Jobs. You can indeed poke life to see what comes out of it! If you don't poke, nothing happens. If you do poke still nothing useful may happen but what if it does?
Three days later suddenly over $130 million was returned. We were all quite thrilled to see the initial 51k ETH transaction going to Euler Deployer address. Check the entire timeline on EulerAnalytics Dashboard (on the bottom).
I received a push notification on my phone through the DMT SYSTEM push notify module while on the playground with kids. This was because the new Euler DMT subprogram was monitoring the blockchain and publishing Discord bot messages for all to see as well as push notifications to anyone interested in this mode. I just smiled and said this is going to work out well at the end. Small things like that are important, I was much more calm not having to check the blockchain manually. I could play with kids and wait for good news buzzing in my pocket. Again, things and approaches not everyone will understand but this has been proving great over and over again and there are many other ways to do it as there are many use cases for such unintrusive critical realtime notifications totally under control of individual power user (not centralized). More about this over the years for those that stay in touch. DMT SYSTEM is a project for next decades with ever-growing community of detail-oriented tech enthusiasts. I am taking this experience to rise to a new level as well because I believe in principles of antifragility and resilience. In the first days after the hack I decided this will be the final push to start writing the book I planned to start a long time already but just haven't. The exploit and immediate aftermath would be the start of the book and then I'd go ten years back in time to refresh my memory of how I got here in the first place.
The exploit also showed me where to focus next with code because I was getting a bit too lazy one might say. I had some good prototype tech deceveloped but it needed many more important use cases. I always bring my projects forward fast when bockchain hacks occur and I've been through four great ones — all of them special and one-of-a-kind. They are part of sovereign life and each one of them is different but they all sting a lot. The last one stung the most because I was kind of trying to retire from hacks. So back to our story again, sorry for the plug about push notifications aspect of the DMT SYSTEM and also about my life.
Team not communicating with anyone was very unusual, turns out to be the right decision but it might also not have been. A lot of discoveries and outcomes in science are path dependent, this means that if we all did not succeed with recovery (and we almost haven't) then the decision from the team to stay silent might have been seen as a big mistake. Now the outcome is great but the decision, in my humble opinion, to keep everyone in the dark was still not the best. Now we know that a lot less was happening when we thought things are always progressing. Things were stalled at a few points and nobody still has any ideas about the real-world identity of the exploiter. Sometimes things are just funny like that.
I want to make sure this book is informative, thoughtful and also interesting to read many years in the future, not just a quick dump of observations and unverified facts. Processing the last three weeks is still happening because there was a lot going on all the time in lots of heads, the outcome was far from certain, it was intense and it just concluded. The continuation of technical recovery efforts of the Euler protocol is just starting now with many capable people giving input. If community efforts were critical or not is for everyone to decide individually but one thing should be perfectly clear: without these efforts us depositors may never even have the slightest idea how negotiations were happening (or not happening).
My conclusion about negotiations is that they were extremely chaotic and always in danger of hacker just leaving everything as it is, never moving any founds, then disappearing. He was better than that but this is exactly what happens to most of the hacked smart contract protocols. Money is syphoned somewhere and that's it. This approach is indeed quite evil and here this was not the case. I am worried for the future of smart contract protocols because no amount of tracking the funds can solve this fundamental attack vector when perpetrator is never found and nobody can get the money. This is also exclusive to our great SciFi technology called immutable Ethereum blockchain. Ethereum broke that rule only once in its entire history — in 2006 — and nobody expects this to happen again so everyone knows that every DeFi protocol has to be as careful as possible with funds.
Was Euler careful enough?
Chapter 3
Some anger comes out
If Hollywood has taught us anything, it’s that you don’t mess with the Prince of Darkness unless you’re prepared to handle the consequences.
My opinion of the Euler team outside of the coding and operational abilities (or lack of them) is still forming. It also seems like they are not truly owning their mistakes that caused all of this in the first place. For full eight months there was an open invitation to exploit deployed on Ethereum blockchain waiting to be found by someone. No advanced safety mechanisms were in place and Smart Contracts were upgradeable. This was not disclosed properly.
The team and CEO were announcing their security prowess at every opportunity possible. Mistakes happen but you also have to own them. I know that most of us did not contribute any code or special insight but still, we deserve some kind of apology. It is a business after all and when businesses lose all their customers' money it is always quite a special day. Even in DeFi.
They are not doing that. Not a single word of apology. Money came back but barely. Looking from a far it was probably 1% chance that this would be the outcome. Much more likely everyone would have to kiss their collateral goodbye.
Instead they are proud that this is now one of the largest recoveries in blockchain history. Really? I wouldn't be so proud to cause hell and then get the funds back mostly by pure luck, some pretty important help from community (I did my part too). It is not especially brilliant to make one of biggest recoveries, it would be more brilliant if the hack didn't happen. We shall explore in what ways it could have been prevented assuming that coding mistakes are always possible. It is also true that it is easier to roll back such a big hack than the small one, so they were double lucky that this was a little too big to go through. It brought just enough of world's attention and it got resolved because the hacker did not have really good options. He might have decided to just leave the money there though and he did not. Exact reasons still unknown but some say he has some morals apart from just looking what's best for him.
I was also accused of self-promotion while helping with recovery full time for over three weeks. I "self promoted" the recovery efforts and this site where the story is laid down as factual as it can be. After this I decided to leave the official Euler Discord chat. I'm not even expecting any monetary reward / bounty since in the words of CEO: "Not something being handled by Euler Labs company, so I can't really answer, but I think this one will be lower priority in terms of timing". I did not ask that question but people seem to be interested in this, instead they get further silence about everything, just as in previous three weeks. One of the most crucial skills of any leader is proper prioretization and clear communication. This example is not why the title of "CEO" was invented for, for sure. There are many other examples if you look with your brain instead of just superficially.
Truly wishing good luck with medical personal and family recovery though and please take all these learnings as you navigate the complex restart / refund process soon. Everyone should have the opportunity to improve in all ways possible and perhaps this is one of such occurences. Going forward in the same way will bring the same results.
I am done with the future of this protocol for some time even if it resumes. I would have to see a lot of great signs that a lot of things changed over there to feel remotely safe. I'm going to fully analyze how the protocol actually worked. A few months too late but better now than never. There is alot to learn and it was a worthwile effort to design something like this but if this is where it stops (for me) then I am stupid and only lucky this time. I need to take this opportunity to gain detailed knowledge about everything related to this.
Overall thank you for the mixed experience and one last recommendation: make bounty payment the highest priority instead instead of lowest and make it transparent and no I don't want that money. I do want my invested money back safely though and in weeks, maybe few months not much longer.
Don't make another mistake, pretty please... One $200 million almost irrecoverable mistake is just enough. Thank you.
Looking a few years in the future that was actually at least a $2 billion mistake, right?
You can indeed do better, all of us can. Step down from the piedestal and apologize first. Then pay out rewards, then safely return the money, then do whatever you want.
"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King Jr.
Also kindly notice that it has been very stressful for everyone indeed. For everyone. Indeed.
This chapter is a bit emotional and I hope this is understandable. Two wrong things happened and one right thing so far.
First wrong thing was actually making it possible for someone to steal the entire protocol's balance. This should be possible to avoid. If you cannot then you better don't work or DeFi protocols, advanced or not. I think that from now on every protocol that gets hacked for $200 immediately falls into the "loser category". There are simply no excuses. It's a brutal world, yes, but about 10 years in we should start doing better. Mind you — this is not a bridge that was hacker, or maybe some other multisig when enough keys were stolen through social engineering. This was a decentralized protocol where no such things should possible. Smart contracts and programmable blockchains were invented exactly to make permissionless and secure autonomous protocols possible. We should make a collective knowledge base where we distinguish between things that are expected to be hacked and those whose basic promise is that they never get hacked.
All of this is subject to reconsideration based on discussions with anyone that wants to discuss. This is a draft of the book, version 0.1! Learning myself and still mad at ... I don't actually know who! :) I'm cannot tolerate mistakes, that is my problem. I can for some time but when they never stop then I question everything. I am even more strict in the code I'm writing (which are mostly not Smart Contracts) but it can also get complex and full of mistakes. I try to get rid of every single one even if it takes weeks or months.
Second wrong thing was someone actually stealing it. This was not possible to avoid. Someone would do it sooner or later, like very soon. It is a miracle it didn't happen earlier since the bug was there for eight months.
Third — positive thing — is that the money came back. What happened between second and third was wild indeed.
Self-promotion section
Hey, David. Thanks a lot for connecting. And for all your work on Euler since the hack as well. Your contribution there has added a ton of value and rationalism across the whole community. Tony.
You're most welcome and indeed, I concur, many have showed great support and morale as well. Some names I recall= @duncanct @davidhq @DingoApe and of course others
Some folks will never be happy. Yourself, @davidhq, & others, have added a ton of value, calm, & common sense since the hack. Real credits to the community. And the team somehow managed to turn a near-death situation into something that could well allow for a viable restart of sorts. Still, some would rather indulge in complaints & conspiracies - rather than show even the tiniest gratitude.
The best places to check for updates are this bot which monitors activity from the hacker's wallets: https://discord.com/channels/
1086033900704387072/108925668380666
6804 or if you want a website with more analytics: https://zetaseek.com/EulerAnalytics
Been following this throughout. Many on here, @davidhq and a few more, have offered much valuable insight from the start. A question I'm considering a little here - does anyone think a recovery of well over 90% is possible? The highly distressed tone of the last message from the hacker (plus the fact that he uses his own name) could suggest he has essentially been caught out either because he left an on-chain trail or because any investigative team brought in by Euler has uncovered his identity through more conventional means.
@davidhq Thank you SO much for the onchain bot
always agree with your words in the 20 long days as a normal victim in the issue, not like those guys just joined the channel after the hack saying like bots.
Any way, I appreciate you sharing and reaching out. I would very much like to develop more connections with people related to Euler. I think highly of the Euler team and I choose to believe that they are doing their best.
Very much appreciated. Especially for all vour incredible work throughout.
thanks for the detailed explanation david and its appreciated what vou did for the communitv!
Chapter 4
Taming volatile thoughts
The world is chaotic, sometimes less, sometimes more. When going through turbulence I believe it is important to stay rational but at the same time allow for unfiltered stream of thoughts that don't always make complete sense (yet?). Thoughts can be refined as more time passes and as past thoughts are combined with more recent thinking. I will continue converting my current thinking directly into writing even possibly at my own expense since I know I can be annoying but it's mostly for a good reason (not always). I just don't want precious material to disappear from my head until put in written form and I want to do it in public to get relevant feedback continously. Even more importantly I don't want many others who were close to just move on without writing anything down and sharing with others. I encourage them that they do. The end result some time later should be overall more polished and refined. I am actually still confused and processing the events. Everything leading up to here, not just the last three weeks! I will be in an abnormal state of mind for some time to come. I plan to take advantage of this because special states of mind can often bring special results.
Initial stream of thoughts was recorded on March 16th 2023, three days after the unexpected exploit of an advanced DeFi protocol. I just rewatched it and it stood the test of time, I think I managed to compress everything I felt then into that recording. I was not sure that what I was expressing made sense. But it did. In more recent writing I am also not quite sure yet but will self-correct as more is learned. Mostly what is bothering me at this point is further opaqueness.
In regard to a broader story — security in DeFi — I am still not quite sure what to think — I see and hear many others that are losing faith bit a bit and don't want to touch DeFi protocols anymore because they are too scared.
I am still enormously fascinated with the exploit although I am not sure anymore exactly how advanced it was, but I'm am figuring out that as well. I know the initial idea was obvious in retrospect but still not easy to see, it was a bit unexpected for all and we know that or the hack wouldn't have happened. We also know that the exection was not perfect and the exploiter almost botched it.
nah, they just hardcoded the withdrawal address. it wasn't a sophisticated frontrunning protection. a better frontrunning bot would've replaced all PUSH20 opcodes in the exploit contract with addresses under their control. a more sophisticated hack would've used a private mempool to deploy the attack, to avoid frontrunning. a more sophisticated attack also would've used multiple pools to swap wBTC for ETH (and used a private mempool) to avoid getting rekt by high slippage and sandwich MEV searchers. all told, 10/10 for finding the bug, 9/10 for exploiting it, 3/10 for execution. (@duncancmt)
Advanced or not, does it matter? It hit different for sure because this was not some random DeFi protocol that was neccessarily doomed from the start.
What about the hacker? By the way hacker is not a dirty word:
“Hacking is the clever circumvention of imposed limits, whether those limits are imposed by your government, your own personality, or the laws of Physics.” Jude Mihon (1996), Hackers Conference, Santa Rosa, CA.
or even more concretely:
- A clever, unintended exploitation of a system that (a) subverts the rules or norms of the system, (b) at the expense of someone else affected by the system.
- Something that a system allows but which is unintended and unanticipated by its designers.
Source: A Hacker's Mind
There is still chatter around about questions like is the Euler hacker a good person? A bad person? A criminal? A saint? Smart? A fool? Does he in particular even matter that much?
There's another trait on the side which I want to talk about; that trait is ambiguity. It took me a while to discover its importance. Most people like to believe something is or is not true. Great scientists tolerate ambiguity very well. They believe the theory enough to go ahead; they doubt it enough to notice the errors and faults so they can step forward and create the new replacement theory. — Richard Hamming
I think the hacker (Mr. Coder) is all of these things. He is complex and still figuring things out himself. He did not know what he is getting into, to him it was initially just an interesting piece of code that had potential flaws and he wanted to prove (to himself) that he is right. He did it in a bit of a wrong way and he is aware.
it was just too big from the beginning
worst mistake of my fucking life
.. but it was just a command of difference between my test net and mainnet
but been doing one fuckup to fix another fuckup .. that's how things worked out sadly
What about the team? To expand on the hasty opinion from previous chapter which I still totally stand by: I think they were hard-working and well meaning team that innovated and were aware of the risks. For example see this interview. So they were much more well meaning than not. Actually they were well meaning for sure, they did not want or plan for any of this. That said the original mistake is still with them firmly enough. The problem is fully theirs and they (actually we) were more lucky than smart in getting the money back. If one is not upgrading their smarts all the time then the luck also tends to run out unfortunately. One of the most crucial mistakes (it turns out) by an unknown decision maker from the team was to decrease or remove the reward for exploits. In current state of DeFi either you don't make mistakes (emm) or you at least offer a substantial reward. In case you are both making mistakes and not offering good rewards to whitehat hackers you are getting drained (the sooner the better) and then you pray to get the money back. Planning for disaster is also better done before the disaster actually strikes. Here the absence of realtime monitoring for problems was staggering and hacker had almost full 30 minutes to fully execute his exploit. This is telling and whoever writes down these words is not going to be liked very much by the Euler team. I know a lot of insiders and tech people are aware of this even without pointing it out but this book is even more for regular readers who wonder what the hell is happening in this blockchain space. I want to show them there is science here, not just a big mess without structure, purpose or any higher goals. Euler are probably also not proud of being the second main character in such a book about current state of DeFi. I wouldn't be either. And I wouldn't be proud to be the recipient of "one of the largest DeFi recoveries either". I would apologize first and then brag about first losing $200 million, then somehow getting it back through some hard work by community but mostly through pure luck. If hacker was someone else then no help from friends and volunteers would help. Science first!
What if some actual scientists from broad range of areas want to slowly get into DeFi? You know why they don't? Because it seems like a mess to them and hand on heart it is. Education helps and we need to write things how they were. Then we might get more advanced users to the space. Euler did not invent anything really fundamental, it was incremental innovation actually but we should look into it some more — what do you think? It does not seem there is actual basic DeFi primitive that emerged from here but I may be wrong (I want to know!). In any case they can now serve as a great case to dissect to make other surviving and upcoming protocols stronger. A lot of them are looking hard into their overall security practices because they are aware of dangers even more.
It is not if but when someone finds a loophole. Hackers have some artificial help now as well.
To reiterate Euler was amazing and innovative but I personally just don't know how much. Were some aspects thought of as true innovation actually bad design choices? No idea yet but I want to know and will try to come closer to knowing.
Did one small omission really cause all this or was there an interplay of things? How risky was all of this from the get-go? Is there some other possible issue that could have destroyed the protocol in the same way? Can we really know if the rest of the code / cryptoeconomic design is flawless? If auditors and the team missed one rather simple problem did they also miss some other more subtle problems? Was the problem they missed this time actually a said bad design choice (liquidation bonuses)?
What about the recovery process? I don't care that much about the details of it. I care about a fair outcome but won't try to influence the current happenings (I hope there are happenings though). I fully believe that the community cares very much and is very capable of guiding the process towards the correct outcome. Probably not everyone will be happy and we may possibly get less out than expected. Will Euler team decide to use the treasury though? Here is one opinion by Greystroke user ... who is one of the people with a lot of collective merit for hacker returning funds because he always had good insight into the developing story:
The more I think about it, the more annoyed I get that Euler Labs is really botching this reimbursement plan. They have far more than enough funds between recovered assets, sherlock insurance payment, reserves and Treasury to resolve this in a way that gets all depositors back their original collateral assets (after debt either paid back or debited from the collateral deposited) and still plenty of funding left in the Treasury to relaunch the protocol if that their intention. This should not need to be a acrimonious negotiation or legal battle between depositors and the team. It was Euler Labs that screwed up by introducing the bug (and the auditor’s fault as well, but they already paid for it) and it is well within their power to make this right and still resume the protocol. AsJulian said above, they should value their social and reputational capital over maximizing their monetary capital. It not just the ethical thing to do, it is the better business decision if they want to continue operating in the Web3 space
Do the VCs also want their money (before depositors)? Is this why the treasury is supposedly not going to be used to plug the hole? It could seem so but I really don't know. I would bet on it though because it is a valid assumption given the evidence. And yes, it is great when things go well and you get all the praise and rewards but when things go sour we still have to navigate through everything with fairness and ethics. VCs took more risk with their capital than did the users of the protocol. In normal world VCs get their money back last when the business doesn't do as promised and it fails catastrophically.
Imagine the problems for the Euler team if the hacker did not return all the money he held in his wallets at the end? Is it even fruitful to search who to blame? It is surely not diplomatic or nice between friends but very much needed because otherwise DeFi will always be quite comedic. Oh we lost a few hundred million again. My belief is that at some point it has to stop or this is all going exactly nowhere. We are not looking at one guy in particular who did the mistake but possibly a deeper problem. Be it with that particular teams' organization or with the entire architecture of shared liquidity. If these types of attacks just never stop then the architecture is wrong. If they do, then some teams were either astronauts and unlucky set of circumstances happened early in the game or they were just not careful enough!
Hacking smart contracts is, in some ways, actually easier than hacking regular software.
Smart contract hacks usually rely more on regular logic rather than some obscure low level technical detail like a memory leak.
Doesn’t mean it is easy, but I’d say it’s a bit more accessible than others types of hacks since you don’t need to be as skilled at computer science.
Apart from the team and their actions, security practices and the rest we have a separate story which is of three entities: a) a set of smart contracts running autonomously (without maintenance or servers) b) a set of users interacting with these smart contracts c) an exploiter. So users (depositors / borrowers) had a relation with some smart contracts and then someone interfered.
I don't give up easily but there is a bit of desire to take a break. Then I will slowly explore how the Euler protocol itself was designed, what were its goals, what challenges it faced. I think I'll be in aave! These things are hard. I need to remember to keep coming back and learning more. If not then I know I'm disappointing myself and promises I gave to everyone and myself to keep on figuring this out. It would be easy to stop now that we are supposedly at a reasonable enough place with money and refunds.
I want my money back
I want my money backIt's all or nothing
And nothing's all I ever get
Every time I turn it on
I burn it up and burn it outIt's always something
There's always something going wrong
That's the only guarantee
That's what this is all about
I am definitely not yet in a good place with technical knowledge acquired / required. I hope to remedy this over next months and I hope that I don't get distracted with "more interesting things" as I tend to. I suffer from novelty addiction.
Next time we engage in an interesting thought experiment that explores the dynamic between 'you' and 'the exploiter'. How would you design the perfect exploiter if given the opportunity?
Enter HackerDesigner PRO RealitySelector Interface ... Choose your destiny!
Chapter 5
HackerDesigner PRO 4.0 beta
Let us assume that we are living in a simulation, metaverse, or open virtual reality world.
There is a real-life monetary protocol with more than X million dollars in value deposited, serving its users, growing every day, soon to be Y billion in size. This protocol is supposed to be safe and is built on technologies that allow for perfect or near-perfect safety.
On the other hand, the same technology also poses a challenge in obtaining refunds in case of any mishaps. Therefore, it is crucial that nothing goes awry if this endeavor is deemed valuable. We are dealing with a significant societal protocol, not a mere toy or some fraudulent scheme.
You made an informed decision to permissionlessly deposit half or more of your hard assets into the protocol as collateral, allowing you to secure a safe short-term loan. This loan will assist you in funding urgent requirements while still retaining ownership of your hard assets.
Without such protocols in this metaverse, nothing can operate efficiently, rendering its underlying currency worthless and merely speculative. Currency is a crucial component of any economy, and lending and borrowing are among its most fundamental aspects.
Without such basic financial primitives crypto has no value. In this instance it is actually not backed by anything worthwile since there is no real economy built on top of otherwise sound scientific distributed systems fundamentals. If no such protocols can be built to survive long-term because all of them are compromised in due course, it could lead to a complete failure of the entire experiment.
After more than a decade, it seems that there are only a few possibilities: either the Solidity language is intrinsically unsafe and incapable of automated failure detection, or developers are indifferent to its shortcomings. Another option is that autonomous advanced cryptoeconomic designs are just too complex with too many possible states. It is challenging to conceive of a fourth alternative. If not the best developers, then who can we trust? Is it possible that the pressure to compete has led to haste in development? The structure of the development process may be unsound in such cases, with venture capitalists pushing for rapid progress. The question then arises: is it too unprofitable to prioritize safety over speed?
The simulation has come to a halt as our AGI overlords, who were responsible for its creation, have intervened. Every participant in the protocol has been notified through an on-chain message in the latest block before the freeze. The message warns of a bug that has been discovered in the protocol, which someone will exploit to their advantage, resulting in the loss of all funds when reality resumes in the very next block.
Seven thousand people are now called in to design their own fate. They are tasked with selecting the best type of hacker who can identify and exploit the curious unwelcome coding error. The selected individual will be the one to complicate things for everyone.
The HackerDesigner GUI interface offers a limited set of options, and the simulation will proceed with the aggregate choice of all protocol users. Unfortunately, there is no perfectly honest "white hat" hacker available in the options. Each choice has its flaws and will lead to different outcomes after the exploit. Surprisingly, there is no white hat hacker option due in part to the protocol team's decisions. They did not believe that offering a substantial bounty for identifying potentially catastrophic issues was necessary since they deemed such errors unlikely. It remains unclear why they did not consider the potential value of upfront rewards.
We can now choose between:
- A rogue nation state.
- A serious hacker who has no remorse and also knows how to launder millions.
- A joker who wishes to teach everyone a lesson and takes the funds out, then vanishes immediately, leaving them in an inaccessible wallet.
- A young, skilled but yet inexperienced and quite unpredictable Smart Contract explorer / exploiter.
- A criminal organization.
Typically, we do not have the opportunity to express our preferences and have little influence on the outcome. However, on this special occasion, in order to make it more exciting and to celebrate life, technology and the metaverse, you can express your preferences and help shape the result.
What is you pick?
Quickly! The simulation will resume in a minute or two!
Chapter 6
Sparks
Simulation is resuming, bootup sequence successful.
Blocks are coming in one by one, each full of interesting requests for compute. Fabric of reality faithfully executes each such request with no questions asked. It always works as planned. The system has been reliable for many, many years already and is looking to do the same expected thing for many thousands of years — maybe.
Compute requests move the timeline of inside and outside reality forward. Latest state of affars is the result of everything that happened before on the inside of this computing system. Future is determined by the current state and all bits of code that are arriving into the global processor next. A batch of all requests in certain timeframe gets packaged into a "box" and this is what we call block. Blocks are chained together by secure mathematical links so that timeline is undisputable. Everyone knows where we are at.
All requests for compute — or transactions — do very different things but they all have something in common: someone paid to execute them. They are all coming from accounts with positive cryptographic balances. If someone or something wants to influence the cryptographic state of reality they have to spend some amount of Ether. In computing nothing is ever free and in this system the cost is expressed through gasprice. Paying for gas with Ether primarily prevents bad or just bored actors from clogging the network with irrelevant requests. Such requests are called spam. If you want to do something useful to you then you have to pay. The more you want to do and the more others want to do at the same time, the more you have to pay. Cost can be a few cents for executing simple instructions in relatively idle times to many dollars for more resource-intensive desires or when the network is in high demand. On this global network the cost is not actually paid in dollars but rather in a base-layer cryptocurrency called the Ether. Unrelated to anything just described the Ether price measured in dollars is dynamic and fluctuates through forces that nobody in the whole universe understands. Reasons and motivations here are just too dispersed, everyone contributes just a tiny fragment to the final number.
Price of Ether in dollars is far from the most important thing about this system of thought and compute. Some people are happy with just following the price but they too can feel the hidden depths of this technology. They know things are happening underneath and either they or their kids will get to use the system directly with enough courage and progress. Can it go very badly for them? Sure! Like anything in life. Usually things are resolved and problems are mostly here to teach us lessons.
Some of the weirdest people alive actually use the system today and pay hard money for the privilege of having a say about the next global computing state. Some are a bit afraid as well, they think this simulation is quite scary. Oh please! This is the safest computing technology in existence, everything is transparent, robust, system is never down and... ohhh wait, what are these sparks though? Did someone put two wrong wires together?
What just happened?
People all over the world just waking up and scrolling through the news they see something strange: giant amounts of different tokens are being syphoned out of the protocol they relied on. It is quite a feeling. The guy over there gasps for air in disbelief, another person cancels their marriage, someone is already arranging the selling of their house, lady puts her car up for sale, a family abandons the idea for house renovation, another couple decides to stop making kids until further notice and so on. It's pure chaos!
Did the system break? This feels almost unreal and is quite unexpected, surely it must be a glitch?
After a very short while it is determined that the system is still working flawlessly. Reality performing as expected, not a single mistake in the fabric of state transition logic.
It looks like that system worked but did it do what most people wanted? No.
The problem lies in one weird carefully crafted transaction which managed to change the state in an unexpected way and now everyone in the Euler protocol is out of their money in an instant. Protocol designers did not anticipate such a transaction.
So what went wrong?
Chapter 7
A Very Special Notice ™
~ The book is paused over the Summer ~
We interrupt the simulation to notify you that there is a much more important book emerging at uniqpath.com.
~ 🚀 A new chapter each start of month. No exceptions, no excuses! ~
Check it out!
Chart your course, but not too strict.
For life may offer a greater gift.
Set goals to reach, but leave room to stray,
And serendipity may brighten your way.
The Euler Story will still continue but priorities are priorities and without this incident / shock the uniqpath (main) book would probably not happen in this shape and form. Or it would, who knows ...
Hyperspace is wild!
To be continued ...
What happened on March 13th 2023?
That day a blockchain protocol Euler suffered an exploit where almost all user funds (more than $200 million at the time) were gone in an advanced (?) exploit of its Smart Contract system.
Smart Contracts are immutable programs that are supposed to be impenetrable and bug-free. Programming mistakes always happen and only time can tell and prove that a protocol is 100% safe.
Euler blockchain protocol had a special architecture with many centralized points of control which allowed faster innovation and flexibility but unfortunatelly it backfired.
Users found out that Smart Contracts used in the protocol were not really immutable but were using a Proxy Contract design pattern which means that the Smart Contract you were using yesterday was today an entirely different Smart Contract.
Smart Contracts were invented to be immutable and tamperproof. There are valid reasons to (temporary?) use a more dynamic / mutable approach but we feel it should be clearly disclosed at the outset. As things were a detailed look into the source code of the protocol was needed.
In August 2022 a new functionality was introduced through this pattern but users were still assuming they are using the same protocol as before. Actually they didn't notice anything different.
Some of them assumed the Lindy effect meaning that the longer some code has been running the longer it can be expected to run safely because it has been proven over time. This assumption was entirely wrong and actually reverse since the shared pool of money was growing ever larger while at the same time new code was added. Bigger pile of money was becoming more and more attractive to exploiters and dynamic upgrades made it ever more dangerous at the same time. Smart Contract code was like a fence around a common pot of gold which was getting bigger all the time. Fence was also constantly worked on. When some small trace of rust appeared on the fence after latest "upgrades" no-one noticed... but the hacker did. He wrote 130 lines of code which made the gold disappear in the span of 30 minutes. No automatic realtime failsafes to shut the system down (and taking advantage of more flexible and thus dangerous architecture) was executed. So the flexible upgradeable architecture of Euler protocol actually made everything more dangerous while at the same time not using its own set of advantages to shut the system down / replace the contracts in realtime once the money was geting syphoned out.